Throughout April, worms have ripped through the “micro-blogging” platform, infecting user accounts with malicious code that spread from profile to profile as Twitterers visited one anther’s compromised pages. Every time Twitter’s administrators declared that they had cleaned up the infection, a new strain of malicious code would begin propagating through thousands of accounts, week after week.
So far, that string of 140-character epidemics has seemed to be nothing more than an experiment in hacking Twitter, designed by a 17-year-old Brooklynite named Mikey Mooney. But the warnings for the micro-blogging platform and its explosively growing user base are clear enough: Next time, the same sort of worm could be designed to steal users’ passwords or hijack their PCs with malicious software.
Cyber Security researchers may not be surprised that novel attacks follow every new digital medium that becomes popular. But for everyone else, the recognition that cybercriminal exploits are changing almost as rapidly as Twitter’s real-time updates presents a daunting problem: How do we practice safe online behavior when the Web’s safety code is constantly in flux?
“The rules are always changing as the threat landscape changes,” says Jeremiah Grossman, a Web security researcher with White Hat Security. “It’s like you’re told not to shake hands with the guy who’s coughing and whose nose is running. But then it turns out that someone who looks healthy can infect you just as easily.”
One of those new rules, Grossman says, is that generic messages from “friends” on social sites like Twitter and Facebook can no longer be completely trusted, given that both sites have been repeatedly hijacked by hackers.
But the erosion of trust online goes further: Simply visiting a site that’s been infected with malicious software can download password-stealing software to a user’s PC, a technique known as a “drive-by download.” An evolving breed of attack known as DNS (Domain Name System) redirection can send users to invisible look-a-like sites when they type an address directly into a browser (see “For a Poisoned Internet, No Quick Fix”). And hacker tricks like Cross-Site Scripting and Cross-Site Request Forgery allow some sites to steal the “cookie” files downloaded to your browser, giving hackers access to any past site you’ve visited .
Website : www.twitter.comService : Micro-Blogging
Available Language(s) : English, Japanese
Location : South Park, San Francisco, California
Founded : March 2006
Twitter is social networking and micro-blogging site that allows users to post their latest updates. An update is limited by 140 characters and can be posted through three methods: web form, text message, or instant message.The service was started by Obvious Corp, and had launched the Japanese version in April 2008.
No comments yet.